Data protection notice
We take data protection and confidentiality very seriously and adhere to the provisions of the European General Data Protection Regulation (EU GDPR) and the applicable national data protection legislation. Please read this data protection notice carefully before submitting a report.
Purpose of the whistleblowing system
The whistleblowing system (BKMS® System) serves for securely and confidentially receiving, processing and managing reports regarding violations of the compliance rules of Bischöfliches Hilfswerk MISEREOR e.V., hereinafter referred to as 'MISEREOR‘. Personal data and information entered into the whistleblowing system are stored in a database operated by EQS Group GmbH on behalf of MISEREOR in a high-security data centre.
Communication between your computer and the whistleblowing system takes place over an encrypted connection (SSL). Your IP address will not be stored during your use of the whistleblowing system. In order to maintain the connection between your computer and the BKMS® System, a cookie is stored on your computer that merely contains the session ID (a so-called session cookie). This cookie is only valid until the end of your session and expires when you close your browser.
It is possible to set up a postbox within the whistleblowing system that is secured with an individually chosen user name and password. This allows you to send reports to the responsible employee at MISEREOR either by name or in an anonymous, safe way. This system only stores data inside the whistleblowing system, which makes it particularly secure. It is not a form of regular email communication.
Personal data
Use of the whistleblowing system is voluntary. If you submit a report via the whistleblowing system, we collect the following personal data and information:
- Your name, if you reveal your identity
- Whether you are employed at MISEREOR, if you wish to disclose this information
- The names of persons and other personal data of persons whom you name in your report, if applicable
Confidential handling of reports and personal data
Only MISEREOR has access to the data. EQS Group GmbH and other third parties do not have access to the data. This is ensured in the certified procedure through extensive technical and organisational measures.
All data is encrypted and stored with multiple levels of password protection so that access is restricted to a very small selection of expressly authorised and specially trained persons at MISEREOR. These persons receive incoming reports, evaluate the matter and perform any further investigation required by the specific incident. Incoming reports are always handled confidentially.
Within the framework of processing a report or within a special investigation, it may be necessary to share reports with additional employees of MISEREOR or of project partners, e.g. if the reports refer to incidents in organisations of project partners.The latter may be based in countries outside the European Union or the European Economic Area with different regulations on the protection of personal data. However, we always ensure that the German data protection regulations are followed when sharing reports.
All persons who receive access to the data are obligated to maintain confidentiality. There is no automated decision-making, for example by means of profiling.
Retention period of personal data
Personal data is retained for as long as it is deemed necessary to clarify the situation and perform an evaluation and for as long as there is a legitimate interest of MISEREOR or retention is required by law. After the report processing is concluded, this data is deleted in accordance with the statutory requirements.
Legal basis
The processing of personal data within the BKMS® System is based on the legitimate interest of MISEREOR to detect and prevent malpractice and thus to avert damage to MISEREOR, its project partners and staff. Processing of personal data is done in accordance with Section 6 (1) (g) of the German Act on Data Protection in Churches (Kirchliches Datenschutzgesetz, KDG). The data protection regulations of the European General Data Protection Regulation (EU GDPR) are observed.
Responsible authority and data security
The party responsible for data protection in the whistleblowing system is Bischöfliches Hilfswerk MISEREOR e.V., represented by the Board of Directors, comprising Dr Andreas Frick, Dr Bernd Bornhorst and Annette Ptassek, Mozartstr. 9, 52064 Aachen, Germany (Phone: +49 (0) 241 442-0; Email: info@misereor.de). The whistleblowing system is operated by a specialised company, EQS Group GmbH, Bayreuther Str. 35, 10789 Berlin in Germany, on behalf of MISEREOR.
Inquiries regarding data protection at MISEREOR may also be directed to the MISEREOR data protection officer,
Dr Jörn Voßbein
UIMC Dr. Voßbein GmbH & Co KG
Otto-Hausmann-Ring 113
42115 Wuppertal
Germany
Phone: +49 (0) 202 – 946 77 26 200
Fax: +49 (0) 202 – 946 77 26 9200
Email: datenschutz.misereor@uimc.de
Rights of the data subject
You and the persons named in the report have the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, you have the right to lodge a complaint with a supervisory authority.
Note on sending attachments
When submitting a report or an addition, you can simultaneously send attachments to the responsible MISEREOR employee. If you wish to submit an anonymous report, please take note of the following security advice: Files can contain hidden personal data that could endanger your anonymity. Remove this data before sending. If you are unable to remove this data or are unsure how to do so, copy the text of your attachment into your report text or send the printed document anonymously to the address listed in the footer, citing the reference number received at the end of the reporting process.
Version: 26 June 2020